Exch 2010sp1 Slow SMTP Queue Outbound
We are having problems with extremely slow delivery of email on our outbound SMTP delivery. We have the following setup. 3 HT/CAS servers with WNLB. All 3 have an outbound connector setup to point to Postini for email filtering. We have a TMG 2010 server between them and the internet. We seem to get inbound email quickly and all internal email is very fast. Outbound sits in the queue for ever before being sent. It appears only 2 or 3 "active" connections per HT server at one time. This has only become a problem since moving to 2010 from 2003 and from ISA 06 to TMG 2010. I am not sure where the setting might be to increase the connections allowed or if that is the problem. There are no errors reported it just seems to run slow. We do have TLS enabled if the other end can handle it. This is not a resource or bandwidth issue either. I've gone through the connector setting and don't see anything restricting the number of connections. As an example it may take up to 20 minutes for an email to be delivered out of the queue and the queue only contains about 20 messages per server. We have around 800 users so we are not talking about thousands of users. Any ideas? Thanks in advance.
September 12th, 2011 7:30pm

You should not have many connections from your HT since you deliver mail to postini. could it be that the shadow queue function trick you thinking mail delivery is slow? http://technet.microsoft.com/en-us/library/dd351027.aspx lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
September 12th, 2011 8:49pm

I don't think that is the problem. There is only one queue that is filling up on each server and it is the outbound "smarthostconnectordelivery" to postini. Each message sits in these queues for up to 20 minutes before going out. No messages in the queue have errors and everthing will go out it just takes a long time.
September 12th, 2011 9:33pm

what if you configure a HT to send directly to Internet (and allow it in FW), does it queue up anywhat or is mail delivered as expected?. lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
September 12th, 2011 9:59pm

Ok I removed the smarthost and all the DnsConnectorDelivery queue's fire up just fine. All of them can go to active and mail is delivering very rapidly. So is there something that throttles a smarthost to only deliver a few emails at a time or a per queue max? I have never seen more than 2 active emails in the postini queue at one time.
September 12th, 2011 10:53pm

Have you taken a look at your smtp send connector logs? I would see if it's postini that's throttling back your connection, the logs will show that.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
September 12th, 2011 11:36pm

What should I be looking for in the logs? I see normal connection info. Would there be a pause or something?
September 12th, 2011 11:40pm

After more research and reading up on the postini docs, postini recommends not using a smarthost but use the private DNS method in the connector. "Smarthost solutions for Microsoft Exchange can cause mail queueing delays. Private Outbound DNS Service is designed to ease setup and prevent queueing delays." http://www.postini.com/webdocs/outbound/en/outbound_config_en.pdf Here is a post as well from other users experiencing queuing and resolved using the private dns method. Edge Transport queueing mail with status Ready, extremely slow delivery - help please! http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/86380772-9f08-4c3b-a56d-70d92e945b39 Here is a post I found for a user explaning the behavior with postini "Postini has problems taking delivery from an SMTP connector. They aren't actually doing store-and-forward-- they were acting more like a layer 7 proxy between the remote destination SMTP server and your sending SMTP server. If the remote SMTP server had rejects a recipient, for example, Postini will return an error that puts the SMTP connector into retry state, "clogging up" the SMTP connector's queue. They haven't changed this behavior, so you're going to have to go thru stupid configuration tricks to route around their brain-damage" http://www.google.com/support/appsecurity/bin/answer.py?hl=en&answer=138629 In either case I would take the issue up with postini or do the private dns method since it's explictly mentioned as the preferred method on their doc. James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
September 13th, 2011 3:26am

Hi Carpadum Any update for your issue, above gave some good information. If you have other issue or question, please feel free let us know. Regards! Gavin TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
September 13th, 2011 12:52pm

Thanks for all the info. I read through the postini docs and decided to try the outside DNS method because we use opportunistic TLS which is not supported in SMTP Service on IIS 7.5. I configured all HT servers according to the documentation and had major problems. One of the HT servers reported DNS lookup failures however the other one did not. I don't know how this could be and after doing the "troubleshooting" steps to change to postini's DNS via nslookup I determined it was not a problem with the firewall. DNS was working, it just was not working in exchange. Also our DAG failed and we ended up with corruption in both database servers. An error occurred while trying to write to the cluster database. Error: ClusterRegBatchClose failed with error 1726. From what I have found it appears this can happen when DNS is not properly setup. This was strange because we did not change DNS on the mailbox servers. At this point the primary was in a failed state and the secondary reported dismounted. I'm not sure what happened but it took a mount-database -force to bring the failover dag back online. Then I had to promote the primary back into active. The concept of all of this makes sense but for some reason it did not work for us. We already had the inbound setup just like postini described, we only lacked the outbound outside dns config. We only had one send connector (smarthost to postini) so all I did was change that after setting the postini dns server as an outside dns provider on each HT. Could this be a bug? Does it not work with WNLB?
Free Windows Admin Tool Kit Click here and download it now
September 13th, 2011 10:15pm

How did you configure DNS on HUB servers? DNS in Win should point to internal server maintaining zone for AD. Configure DNS server on HT server object to use an external server. On SMTP connector to internet, configure it to use external DNS lookup. lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
September 13th, 2011 10:27pm

That is what I did. I changed the properties of the DNS in EMC not in networking.
Free Windows Admin Tool Kit Click here and download it now
September 13th, 2011 10:29pm

Do you allow both TCP and UDP to port 53 from HT servers to DNS server on Internet? lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
September 13th, 2011 10:31pm

Need to test if nslookup on the failing box to see if postini is refusing lookups for that host. nslookup server (ip of the postini dns server) google.com Do you get query refused? Do same test on working server.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
September 14th, 2011 12:00am

Hi Carpadum, Per your description, the issue sounds odd. I would suggest that you could open a ticket from MS, you will get more help from there. I have run into the issue with a scenario that used exchange 2003 and used the postini as the the smarthost. The workaround is use other smarthost, and then to the postini. The cause is that SMTP Connector expects a store & forward type smarthost (postini) for outboung mails, and the SMTP proxy function delays respond to SMTP command and results in subsequent delay on following mails. Regards! Gavin TechNet Subscriber Support in forum If you have any feedback on our support, please contacttngfb@microsoft.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
September 14th, 2011 6:01am

Yes DNS was working fine from all hosts (nslookup). Not a firewall issue. Using a smarthost is not an option for us because we use opertunistic TLS which is not supported on iis 7.5 smtp. I guess I will open a case with MS.
Free Windows Admin Tool Kit Click here and download it now
September 14th, 2011 5:37pm

Hi Carpadum, If you have new update, please post here. Thanks a lot. Regards! Gavin TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
September 15th, 2011 10:03am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics